Spymac WebOS Blogs blog_newentry.php Multiple Variable XSS

2005-11-04T13:59:14
ID OSVDB:20903
Type osvdb
Reporter OSVDB
Modified 2005-11-04T13:59:14

Description

Manual Testing Notes

http://[target]/blogs/blog_newentry.php?inspire=134403[XSS-CODE]&system=blogentries&title=Blogs%20now%20online http://[target]/blogs/blog_newentry.php?inspire=134403&system=blogentries[XSS-CODE]&title=Blogs%20now%20online http://[target]/blogs/blog_newentry.php?inspire=134403&system=blogentries&title=Blogs%20now%20online[XSS-CODE]

References:

Vendor URL: http://www.spymac.com/ Related OSVDB ID: 20905 Related OSVDB ID: 20904 Related OSVDB ID: 20906 Related OSVDB ID: 20902 Related OSVDB ID: 20907 Other Advisory URL: http://lostmon.blogspot.com/2005/11/spymac-web-os-v4-blogs-and-notes.html FrSIRT Advisory: ADV-2005-2312 CVE-2005-3511